Getting Business Value from Penetration Testing

SecTor 2016

Presented by: Mark Bassegio, Tim West
Date: Tuesday October 18, 2016
Time: 13:25 - 14:25
Location: 701B
Track: Management

Penetration tests rarely improve a client’s security. We know this because last year’s test feels horribly close to this year’s. In terms of value to the business, they fall flat in most ways – they are misunderstood from the start, during the test, and at the report. We want to dispel the confusion and tie the technical work to the business to turn this situation around. We believe that a penetration test can provide a compelling story and act as an important piece of the puzzle in an organization’s security strategy, but the road to getting value from these tactical exercises is a long and arduous one. In this talk we’ll take you with us on a journey in an effort to try to tackle the underlying issues and solve this long-standing industry problem.

Mark Bassegio

Mark Bassegio is an offensive security expert who specializes in physical security and network security consulting. During his years in security, Mark has conducted and overseen hundreds of penetration tests all over the world in multiple industries and disciplines, for medium-sized businesses to large Fortune 500 corporations. Mark has delivered presentations to audiences internationally and is the co-creator of the BLEKey, custom hardware designed to exploit weaknesses in proximity-based building access controls.

Tim West

Tim West has extensive experience in security leadership. He has worked as a security practitioner and as a successful security consultant. As a consultant, Tim has delivered significant projects rebooting security programs in billion-dollar organizations and engaging in high-profile projects including US federal corrective action plans. As a practitioner and leader, Tim has led teams at a Fortune 25 healthcare organization responsible for governance, threat and vulnerability management, as well as risk and compliance. Tim has spoken nationally on topics of compliance and technical security, medical devices, and other research areas such as cyber security insurance practices.
